Windows Enterprise Desktop

Ed Bott at ZDnet dispenses some excellent advice in today’s Bott Report. In an article entitled “Windows 10 tip: Temporarily delay the Fall Creators Update,” he recasts conventional wisdom for business users. In this age of twice-a-year upgrades, practicing due diligence translates to “Businesses should wait on Fall Creators Update.” This adapts the well established business practice of tracking behind MS release dates to meet internal test and deployment cycles anyway. OTOH, businesses might instead prefer to adopt the Current Branch for Business (CBB) for Windows 10. Then, they’ll automatically lag a full release behind the leading edge anyway.

For the past three Insider Preview releases, the next Win10 release is labeled Version 1709.

Reasons Why Businesses Should Wait On Fall Creators Update

Once upon a time, businesses would wait until the first Service Pack for a new major release emerged before jumping on the upgrade wagon. These days, SPs are history, and a rolling and continuous upgrade cycle makes jumping both more interesting and problematic. I think Bott’s abosolutely correct to urge businesses to hang back and exercise caution. And indeed he also recommends deploying the new release into test environments first and foremost. That way, businesses can assess the impact and determine proper remediation strategies as and when they’re needed.

Once businesses get a handle on potential impact, and necessary changes and workarounds that come with them, they can start thinking about deployment. My best guess is that they’d be inclined to wait for the next scheduled upgrade cycle. At that time, they can decide to roll forward and track the latest release, at a discreet remove, or not.

And so it goes for IT pros in Windows-land. It’s time to start getting ready for the next big upgrade cycle. One thing’s for sure: ready or not, here it comes!

One of the innovations added to Windows 10 is support for touchpad gestures. These let you manage the UI by using multiple fingers on the touchpad with various motions. But for such gestures to work, you must have the right hardware drivers installed. I’m talking about the subject of this post — namely Precision Touchpad drivers. Until recently, in fact, this meant that you had to have the right hardware to host those drivers. But thanks to Chris Hoffman at the How-to Geek, you can add Precision Touchpad drivers anywhere on any laptop.

How to Add Precision Touchpad Drivers Anywhere It Makes Sense

Hoffman covers all the details in his September 22 article “How to Enable Microsoft’s Precision Touchpad Drivers on Your Laptop.” I’ll give the 10,000 foot view here along with an important disclaimer he offers. Basically, this process works by forcibly installing Microsoft’s Precision Touchpad drivers onto your laptop PC. First, find out if your laptop has a Synaptics (all of mine do) or Elan (none here) touchpad installed. Then download its driver file (the Synaptics comes from Lenovo; the Elan comes from Softpedia). Unzip that file into a temporary directory.

The key to force-installing comes from a Device Manager “trick.” Because the hardware isn’t strictly compatible, DevMgr normally refuses to install it. There’s a workaround, though. First, “Browse your computer…” then select “Let me pick from a list of available drivers…” Next, navigate to the folder where you unpacked the ZIP file. Then select the Synaptics or ELAN driver you downloaded, and tell the installer to proceed when it balks for compatibility reasons.

Ordinarily, I would never recommend installing an incompatible driver. But two of my laptops are Lenovo ThinkPads. Encouragingly, the Synaptics driver comes from the same vendor. That’s why I decided to give this process a shot. I did have a hiccup after the first restart following the driver install (I got a BSOD during boot-up on my T520 laptop). Otherwise, the process worked without a hitch on all three of my laptops/tablets with Synaptics touchpads (two Lenovos and a Dell Venue Pro 11 7139).

Here’s what I see on my non-Precision Touchpad devices after force-installing the PT driver.

About That Disclaimer…

I didn’t experience any problems in running the driver upgrade on my laptops and tablet PCs, except for the aforementioned hiccup. Even so, Hoffman recommends that users have a physical mouse handy as they attempt this driver change. The worst thing that can happen is that you lose the ability to use your touchpad, right? So in case that happens, plug in or pair up your physical mouse before you reboot. Then, you can still run the UI to roll back the touchpad driver if the touchpad quits working after the restart is complete. But in most cases, it seems you can indeed add Precision Touchpad drivers anywhere. Good stuff!

Here’s a weird one that popped up for me recently. After a recent Win10 update, the color scheme on my production PC turned an odd shade of yellow. Odd enough, in fact, that I just didn’t like it. I found myself resetting colors for various Windows UI elements to get back to the normal defaults. Then I discovered a terrific set of .reg files to restore the defaults with a trio of double-clicks. Much easier. So if you should find that wonky Win10 colors require registry edits, let me point you to the instructions to build those files for yourself.

My problem was exacerbated by synching themes across my Windows Live account. Thus, when my production desktop went wonky on me, it shared that wonkiness with all of the machines onto which I logged using the same account. Talk about the gift that keeps giving! This was one I couldn’t wait to return…

Where to Turn When Wonky Win10 Colors Require Registry Edits

After poking around in Google, I discovered a peachy article from Ramesh Srinavasan at Winhelponline.com. It’s entitled “How to Reset Windows Color and Appearance Settings,” and it works for Windows 8 and higher-numbered OS versions. When you cut’n’paste the text windows for the three registry keys you’ll work on, be sure to grab the entire files for each one, including the line that reads “Windows Registry Editor Version 5.00.” Otherwise, the files don’t work as registry scripts. Because such scripts execute with a simple double-click (far fewer clicks than manually importing those settings), be sure to grab them in their entirety when you create .reg files in which to house them.

When I created my files, I named them to correspond to their respective registry keys:

Three keys translate into three files. You could collapse them all into one file, if you wanted to, though.

Because my production machine seems to reset the color scheme back to “wonky” each time it sleeps, I’ve got these files ready to go at a moment’s notice. Remember to restart after you make your registry changes, and you’ll be back to the default.

Bad Diagnosis: It Was the Nvidia Driver…

When I logged back on this morning, September 22, the disgusting yellow color scheme had returned. Checked all three of the aforementioned registry keys and all were still set to the default. Reasoning that it had to be something else, I remembered seeing a report about issues with the Nvidia graphics driver on TenForums.com recently. I checked my driver and, sure enough, it was running version 385.86 (dated May 2017). Checking the Nvidia website, I saw a version 385.69 (dated 9/20/2017) was available. And when I installed that, my godawful color scheme vanished immediately. Now, I’m left wondering how that managed to spread to my other PCs via the Live Login synch, given that none of them share the same graphic card as the primary production machine…

Because I have recommended Piriform’s CCleaner utility in this blog (and in other blogs and articles) over the years, I must pass this important news along. It seems that a signed version CCleaner 5.33 32-bit, as distributed by Avast, somehow got infected by malware. Because CCleaner 5.33 32-bit carries malicious payload, users should check to see which version they’ve got installed. If they are indeed running a potentially infected version, they should uninstall it immediately. And of course, they’ll also want to run a deep and thorough virus scan as well.

If CCleaner 5.33 32-bit Carries Malicious Payload, Is the 64-bit Version a Risk?

Fortunately, it is not. Here’s what the Properties windows for the 64-bit version looks like. Right-click your CCleaner menu entry or .exe file to see what you’ve got:

The 64-bit version is clearly labeled as such in the .exe filename.

Unless you’re running 32-bit Windows, you’re unlikely to fall prey to this potential infection vector, though. That’s because the CCleaner installer automatically installs the 64-bit version by default on PCs running 64-bit Windows OSes. And today, that represents the majority of PCs running Windows 7, 8, or 10. (Most stats on such things show that only one or two out of every ten PCs runs a 32-bit OS). That said, if a 5.33 download file is present on your machine you’ll want to delete all copies to eliminate any chance of infection. (If present, it’s named ccsetup533.exe, ccsetup533.zip, or ccsetup533_slim.exe) At present, ClamWin AV appears to be the only widely and freely available AV tool that can detect this malware. And sure enough, it found it on my local PCs:

All versions of the CCsetup 5.33 download are likely to be infected: Securely delete them immediately!

Thus, the risk of infection is real and threatening enough to warrant spreading the word. That also means you should take the time to check to see which version is running on PCs with CCleaner installed. The 32-bit version of the program is named “CCleaner.exe” and is around 7 MB in size. By contrast, the 64-bit version is named CCleaner64.exe and is over 9 MB in size. As for myself, I still wait for the “slim” version of CCleaner to come out from Piriform because it includes no added menu extensions or other bloatware in its code base. Those who do likewise would still find the installer file to be infected, however, as shown above. All CCsetup533 versions I found on my PCs were infected.

More Info on CCleaner 5.33 32-bit Carries Malicious Payload

Here’s the announcement that caught my eye at TenForums.com “CCleaner: A Vast Number of Machines at Risk.” It came by way of Tweakhound from the Cisco Talos blog. The Talos post covers the malware payload in detail and also prescribes remediation strategies, for those who may be affected thereby. An easy way to check for infection on suspect machines is to dump the DNS cache to a text file, then to search for domain names that start with the string “ab” (a full list of DGA domains appears at the end of the Talos blog post linked earlier in this paragraph). Likewise, the presence of IP address 216.126.225.148 is also indicative of potential compromise.

Even if you don’t have this problem, it’s still worth reading through the Talos post. It provides a chilling and thorough analysis of how (and why) the incident occurred.

In reading over user requests for information at SuperUser.com this morning, I saw a simple-seeming request for info there. It read “How to show SSD and RAM size using terminal.” Basically, it asked for a way to determine total RAM installed on a PC and the presence and size of SSD drives it might house. Knowing that PowerShell illuminates system components nicely, I knew there had to be a way to do this using that toolbox of cmdlets. So I turned to Google to look things up and figure it out. It took about 15 minutes all told, and shows that PowerShell is powerful juju.

1. PowerShell Illuminates System Components: Total RAM

Sure, you can use the old Windows Management Instrumentation (WMI) calls to do this — even in PowerShell — by typing

wmic computersystem get totalphysicalmemory

But I wanted something a little friendlier and easier to read, with memory displayed in GB, not actual bytes. So I turned to Google again and learned that the Get-CimInstance cmdlet could tell me what I needed with a little script manipulation. CIM stands for “Common Information Model” and is based on a computer industry standard for defining device characteristics to make them accessible to and manageable by sysadmins and management programs alike.

In this case, the basic command is Get-CimInstance -class "Cim_PhysicalMemory" | % {$_.Capacity}. But that lists the capacity of each memory module on the PC, and doesn’t add things up. It also produces the string 8589934592 when I’d like to see 8 GB instead. A little script magic whips the whole thing into proper form:

The first long line adds up the capacities for all memory modules on the PC. The second line divides that result by 230 to convert bytes into gigabytes. The third line outputs the calculated value followed by “GB” to tell you how much RAM it detected.

This produces the output 32 GB on my PC, which is what I wanted to see, and would do likewise for RAM on other PCs as well. One down, one more to go. Note: the first three lines in the preceding script are actually one line of script broken for display purposes here. If you want to run this script, go to the end of the first line and hit the delete key to pull up the remaining part of that line. Do that again to make the script work properly.

2. PowerShell Illuminates System Components: SSD Presence and Size

This is a little easier to solve because there’s a cmdlet specifically focused on physical disk devices. Not coincidentally, it’s named Get-PhysicalDisk. One single command line will suffice to produce the requested output, with a little selecting and filtering to provide minimal information. Here ’tis:

Here again, seeing the string on more than one line means you need to delete spurious line breaks if you cut’n’paste it into PowerShell.

The first part of the string grabs physical disk attributes for all disks on the system (up to first pipeline symbol ‘|’). The second part of the string selects the FriendlyName, MediaType and Size attributes for those disks (up to second pipeline symbol). The third part of the string filters out any entries where the MediaType attribute is not “SSD.” The result is a listing of FriendlyName, MediaType and Size for all SSDs on the system where the string is executed. Here’s what that looks like on my production PC:

Three out of 8 drives on this system are SSDs.
[Click image for full-sized view.]

PowerShell Is Good Stuff!

The more you mess with PowerShell, the more you’ll come to appreciate its many capabilities. Just about any kind of Windows information or action you can think of, you can accomplish using PowerShell. The guy who posted to SuperUser could have spent his time digging into PowerShell himself and solved his issue quickly and easily. The more you learn PowerShell, in fact, the more you’ll end up using it.

I’ve got two test machines in my office dedicated to running Insider Preview versions of Windows 10. Just yesterday, MS unleashed Build 16288. In trying to get it installed this morning, I succeeded on the desktop test machine, but failed on the hybrid tablet. This produced an interesting error message I’d never seen before. It also led me to discover an online poll at ONmsft.com. It shows installs of Insider Preview 16288 failing more than succeeding. Go figure: with Fall Creators Update now scheduled for October 17, you’d think things would be fairly solid.

Surrounding news reports indicate that fixes are being staged in variants, due out starting at 5PM PDT today.

Evidence that Insider Preview 16288 Failing More Than Succeeding

The folks at ONmsft.com put up a poll page to gauge user experiences in installing this latest build. Right now, it appears that only about one in ten attempts to install the OS result in complete success. Here are those numbers, after I voted twice. (The status message shown simply indicates that the display shows my votes had already been counted; I saw the proper counters increment after each one):

As more people vote, these numbers will change, but here’s how things stand at around 11:30 AM Central Time on 9/13/17.

It will be interesting to see how all this rolls out over the next day or two. Usually, Win10 Insider Preview builds either succeed nicely or fail miserably. This one appears to fall in a grey area between those extremes, albeit more on the failing side. That said, if MS delivers the promised fixes, this will no doubt be just a temporary pothole on the road to the Fall Creators Update release next month. Please stay tuned, and I’ll keep you informed. That’s how things sometimes go, when beta-testing software (especially OS releases).

Follow-up: September 13/14

After 5 PM PST, as promised, MS released newer versions of the 16288 build. It worked like a charm on my Dell Venue Pro 11 (7139), as it reportedly has for most others who’ve tried to install since then. This looks like it was a purely temporary hiccup. It’s interesting to see MS being willing to air its dirty laundry and show rapid progress with fixes at the same time. It’s kind of distracting to have to keep checking on stuff when it doesn’t work out the gate, but also heartening to see MS come up with workable fixes in pretty short order.

I got feedback from one blog post reader that people could care less about this kind of thing. But according to my various sources of access tracking, more than 300 people read this post within a day of its release. And so it goes, here in Windows-world!

Ahead of the curve is a common phrase in IT, and it’s almost always used in a positive light. After all, new technologies and cutting-edge innovations keep the industry growing. Without vendors constantly striving to be ahead of the curve, we’d still be working on unwieldy computer terminals connected to giant mainframes.

But sometimes vendors can go too far and get themselves in trouble. The tipping point is when ahead-of-the-curve technologies and strategies don’t align with customers’ needs.

Workspace suites, as the March issue of Access covered, offer one such example. They aim to provide unified access to and management of all end-user applications and data, which is great. But they combine a lot of different product types, many of which are still emerging, such as enterprise mobility management and identity and access management. Those technologies represent a new way of doing things for both IT and users, and many organizations aren’t ready to adopt them yet — let alone adopt suites that integrate them with other products.

Workspace suites are not at the core of any vendor’s business — at least not yet — and organizations can still buy all their components separately. So while they are too far ahead of the curve, it’s not a huge problem.

Citrix’s push to become a cloud-first vendor focused on security and analytics exemplifies a thornier issue. The company — which changed CEOs in July, citing the need to pivot faster — is betting big on cloud-based management.

The approach makes sense for Citrix. From a financial perspective, selling software on a subscription basis strengthens the customer relationship and makes revenues more predictable. Plus, when existing customers are locked in for the duration of a subscription, it frees up sales staff to pursue new business.

And from a technology perspective, cloud is the future. As users, apps and data become more distributed, the cloud will become not only more convenient but necessary for connecting to and managing these assets.

Many customers aren’t buying in, however.

“With the shift to cloud, is Citrix focusing on the wrong thing?” asked Tim Riegler, a systems engineering manager at a Citrix shop in the healthcare industry. “Lots of Citrix loads run on premises, especially legacy applications or anything that requires large file access. Plus, there are a host of issues with cloud: access, cost, complexity, management.”

In addition, organizations have made significant investments in on-premises management software. It needs to make financial sense for IT departments to abandon their existing investments in favor of cloud, and that’s not always the case these days.

Cloud-first management is an ahead-of-the-curve strategy for Citrix. But it doesn’t align with many IT departments’ current needs. And that’s a problem.

This post originally appeared in the September 2017 issue of Access Magazine.

Maybe, to mangle Shakespeare, we don’t need to kill ALL the lawyers. A recent suit in Baden-Wuerttemberg, Germany, brought by its consumer protection agency has settled. It originated from the 6GB of pre-staged upgrade files for Windows 10. If you’ll recall, MS uploaded a raft of files to PCs prior to the first Windows 10 upgrade. It affected Windows 7 and 8.1 users alike. It also caused consternation for those on limited or metered Internet service plans. Not only did MS provide no prior warning, it gave users no opt-out, either. But before the court could rule against Microsoft, the company voluntarily agreed to quit such behavior. Thus, this German court case foils aggressive MS updates going forward. With the Fall Creators Update just weeks away, that means Win10 users need expect no big mystery downloads to hit their PCs.

Lots of users got steamed when they realized that “never” was NOT an option for downloading upgrades to Windows 10

If a German Court Case Foils Aggressive MS Updates, What Does This Mean?

I got my information from the UK website, express.co.uk. According to its voluntary agreement, Microsoft is “obliged to avoid placing installation data for new operating systems on Windows users’ hard drives without their permission.” Now, MS must ask for permission to pre-stage upgrade files to our PCs. Given the time lag on some PCs in receiving the Spring Creators Update (Version 1703) this year, it may not have been a problem anyway. But it’s comforting to know that MS promises to “play nice” going forward, when it comes to parceling out big upgrade files in advance. Now, if I could just figure out when my older PCs would get the upgrade automatically, I’d be a happy camper… Maybe I should ask the Verbraucherzentrale (literally translated “User Central”) group to look into this, too?

Huh! Turns out there’s an easy way to use a reference Windows installation to create an ISO file. This might not sound like a big deal, but give it some thought. For one thing, it means admins can use a customized Windows 10 installation to spawn as many copies as they like. For another thing, it means power users can snapshot their current installation to create an installer from that image. In turn, this means they can restore or reinstall that image any time they like. Better yet, it’s easy to build install ISO for current Win10 image, if you follow the right steps.

Caveats to Build Install ISO for Current Win10 Image

This approach works only when all elements and user accounts reside on the default Windows drive, aka %windir%. For most installs, this means the C: drive. If any data has been relocated to some other drive, including any or all files or folders for user files, the Documents folder, and so forth, a Windows image file based on the install will not work to (re)install the Windows OS. Unless you’re 100% sure this applies to a reference or target install, you may do the work only to discover that the install doesn’t work. In such a case, it’s best to start over with a clean Windows install and do the work necessary to customize it the old-fashioned way. After that, you can proceed with the steps described to build the custom .wim file confident that it will work the next time you try.

You also need to clean up your system completely before making a snapshot of the image to create the .wim file for the ISO. A TenForums tutorial on this topic is available (follow the instructions in Option Two “To Open and Use Extended Disk Cleanup”). Here again, such cleanup is essential to achieving a successful outcome for your efforts.

The image creation process requires use of the Windows install media, which should be the most current version available. (Visit the Download Windows 10 page to find this.) Boot to the install media, then start the Windows installation process. You’ll press Shift+F10 to launch the Command Prompt window once you see the screen for region and format election. Then you’ll use diskpart to identify your source partition for the Windows image, and the dism (Deployment Image Servicing and Management) command to snapshot your image and create a .wim file. The process is time-consuming and requires close attention to dism syntax, but is otherwise straightforward. The final step is to replace the default (non-custom) install.wim on the Media Creation Tool (MCT) USB with the custom install.wim you just built. After that you can use your customized MCT to install your tailored Windows 10 image as you see fit.

When you see this screen, click Shift+F10 to get into the Command Prompt window…

Get All the Gory Details

The devil is in the details, of course. And that’s where my friend and co-author, Kari Finn, sheds ample light on this subject. His TenForums tutorial on this topic provides nicely-illustrated step-by-step instructions on how to do this. That tutorial is called “Create Windows 10 ISO Image from Existing Installation & Upgrade” and is eminently worth checking out. Then, you too can easily build Install ISO for current Win10 image. Enjoy!

OK, now we’ve got a date for the next major public upgrade to Windows 10. In a post to the Windows blogs, EVP Terry Myerson made it official. Here’s the first sentence : “The next update of Windows 10, the Fall Creators Update, will be available worldwide October 17.” He goes on to tout “an evolution to the photos experience” that lets users put visuals together with “photos, videos and 3D effects.” He also mentions “enhancements in gaming, security, accessibility, and …Mixed Reality,” too. This raises the question “When the Win10 Fall Creators update hits October 17,” how will this new release be received?

What to Expect When Win10 Fall Creators Update Hits October 17

After the 1703 build went out the door in April, we witnessed a loooooong rollout to the user base. I gave up waiting on my wife’s PC in August, myself. I’d decided to hold back and wait for MS to push the update to that machine to see when MS got around to it. But when August came and had almost gone, I decided to jump to 1703 anyway, and used the media creation tool (MCT) to force matters to completion. In fact, some PCs still haven’t received the previous upgrade, even as the new one gets queued up with about five weeks to go before release day. One wonders if the next upgrade will be subject to the same long, drawn-out process.

I’ll probably end up jumping early on most of my PCs, using the Download Windows 10 page to grab a current version of the MCT on or after October 17. I imagine many others will do likewise. It should be interesting to see how quickly the user base jumps on the upgrade bandwagon. It will also be interesting to see if more business users climb onto the Current Branch for Business (CBB), currently at Version 1607 (Build 14393.1593), which will probably increment to 1703 (at whatever Build is current come October 17, 2017) when Win10 Fall Creators Update hits October 17. As of May 2017, about 12.5% of the estimated 500 million Windows 10 users were in businesses (source: Petri.com).